Skip to content

feat: Implement user profile management page closes #77#92

Merged
imuniqueshiv merged 2 commits into
imuniqueshiv:mainfrom
M0izz:feat/user-profile-page
Jul 7, 2026
Merged

feat: Implement user profile management page closes #77#92
imuniqueshiv merged 2 commits into
imuniqueshiv:mainfrom
M0izz:feat/user-profile-page

Conversation

@M0izz

@M0izz M0izz commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary
Implements a dedicated User Profile Management page at /profile, closing #77. Users can now view their profile details and edit their name, avatar (via image URL), and bio, without touching any authentication or JWT logic.

Backend

  • Added profilePic and bio fields to userSchema (userModel.js)
  • Extended getUserData to return profilePic, bio, and createdAt
  • Added updateUserProfile controller with server-side validation (name required, image URL format check)
  • Registered PUT /api/user/update under existing userAuth middleware
  • Registered the user router in server.js (previously unmounted)

Frontend

  • New Profile.jsx: view mode (avatar, name, role badge, email, organization, role, "Member since" date, bio) and edit mode (name, avatar URL, bio) with inline validation errors and a cancel/discard action
  • Fallback initials avatar when no image is set or the URL fails to load
  • /profile added as a protected route in App.jsx
  • Navbar.jsx updated to show the custom avatar (desktop + mobile), with the initials box layered underneath so a broken image link falls back without layout shift
  • On save, setUserData() updates shared AppContext, so Navbar/Dashboard reflect changes immediately without a refresh
  • Styled to match the existing light theme (bg-white, slate palette, blue focus states) - no dark mode introduced
    Scope
    No changes to authentication, JWT handling, protected routes, organization management, or unrelated pages, per the issue's constraints.

Screenshots
Before: (no dedicated profile page - see artifacts)
After - view mode: (see artifacts)
After - edit mode: (see artifacts)

Screen recording and artifacts
The visual demo and saved screenshot are available in the local directory:

  • Screenshot:
final_profile_view_1783433461658
  • Screen Recording:
profile_page_demo_1783433222450

Testing checklist

  • Profile loads correctly
  • - [x] Profile updates save successfully
  • - [x] Avatar URL updates correctly
  • - [x] Fallback avatar displays when no image / broken URL
  • - [x] Validation errors show for blank name / malformed URL
  • - [x] Existing authentication unaffected
  • - [x] Responsive on desktop, tablet, mobile
  • - [x] No console errors
  • - [x] npm run format:check, npm run lint, npx prettier . --check, npm run build all pass

Summary by CodeRabbit

  • New Features

    • Added a new profile page where users can view and edit their name, profile picture, and bio.
    • Profile pictures now appear in the app’s avatar areas, with a fallback when no image is available.
  • Improvements

    • Added support for updating profile details and saving them across sessions.
    • Improved app navigation to include access to the new profile area.

@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

@M0izz is attempting to deploy a commit to the Shiv Raj Singh's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a user profile feature (profilePic/bio fields, updateUserProfile API, PUT /update route, Profile page with view/edit modes, avatar rendering in Navbar, and /profile routing). The remainder of the PR applies broad non-functional formatting changes (quote style, line-wrapping, bullet markers) across documentation, configuration, and client/server source files.

Changes

User Profile Feature

Layer / File(s) Summary
Profile data model and API
server/models/userModel.js, server/controllers/userController.js, server/routes/userRoutes.js, server/server.js
Adds profilePic/bio fields to the user schema, extends getUserData response, adds updateUserProfile handler with validation, wires a PUT /update route, and mounts userRoutes at /api/user.
Profile page, routing, and avatar UI
client/src/App.jsx, client/src/context/AppContent.js, client/src/pages/Profile.jsx, client/src/components/Navbar.jsx
Adds a /profile route rendering the new Profile page (view/edit modes, validation, save/cancel), exposes AppContent as default export, and updates desktop/mobile avatar rendering to show profilePic with initials fallback.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Repo-wide formatting and style cleanup

Layer / File(s) Summary
Documentation and template formatting
.github/ISSUE_TEMPLATE/*, .github/PULL_REQUEST_TEMPLATE.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, README.md, SECURITY.md
Converts bullet markers to hyphens, adds checkbox-style list items, and reformats tables and spacing.
Client build config and static assets
client/eslint.config.js, client/index.html, client/vite.config.js, client/src/assets/*
Standardizes quote/semicolon style and reformats favicon markup and template literal terminators.
Client component formatting
client/src/components/*
Reformats JSX layout in FAQ, Footer, Header, Hero, and meeting-related components without changing rendered output.
Client context and entrypoint formatting
client/src/context/AppContext.jsx, client/src/main.jsx, client/src/index.css
Reformats auth/logout logic blocks, render tree structure, and CSS shadow/cursor declarations.
Client page formatting
client/src/pages/*
Reformats request payloads and JSX across CreateOrganizationPage, EmailVerify, MeetingRoom, Reports, ResetPassword, SelectRolePage, Summaries, and TeamMembers.
Server controller, route, and model formatting
server/config/*, server/controllers/*, server/models/*, server/middleware/userAuth.js, server/routes/*, server/services/speechService.js
Reformats response chains, request headers, and error handling without changing status codes or logic.
Scripts and test formatting
pineconeSearch.js, scripts/update-contributors.js, testEmbedding.js
Reformats imports and logging statements without behavior changes.

Estimated code review effort: 2 (Simple) | ~15 minutes

Possibly related issues

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding a user profile management page.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
client/src/pages/Profile.jsx (2)

179-197: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Broken avatar is only cleared client-side, not persisted back.

On image load failure, setUserData({ ...userData, profilePic: "" }) updates local state/localStorage but never calls the update API, so the invalid URL remains stored server-side. The broken-image toast will resurface on every fresh session/reload until the user manually re-edits their profile.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/src/pages/Profile.jsx` around lines 179 - 197, The avatar fallback in
Profile is only clearing local state inside the img onError handler, so the
broken profilePic remains saved on the server. Update the onError flow in
Profile.jsx to persist the cleared profilePic through the existing profile
update API instead of only calling setProfilePic and setUserData, so the invalid
image URL is removed for future sessions.

82-90: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Client-side URL validation accepts non-http(s) schemes.

Same underlying gap as the backend's new URL(profilePic) check (see server/controllers/userController.js lines 70-79) — this only confirms parseability, not that the scheme is http/https. Since the backend is the authoritative boundary, fixing it there is the priority; this client-side duplicate should mirror whatever restriction is added server-side for consistent UX (immediate feedback instead of a round-trip 400).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/src/pages/Profile.jsx` around lines 82 - 90, The Profile.jsx
client-side check only verifies that profilePic can be parsed by new URL, so it
can still accept non-http(s) schemes. Update the validation in the Profile
component to mirror the server-side restriction in userController by explicitly
requiring http:// or https://, and keep the error message aligned with that rule
so the UX matches the authoritative backend validation.
server/controllers/userController.js (1)

22-37: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Duplicated user-response shaping between getUserData and updateUserProfile.

The { id, name, email, ... profilePic, bio, createdAt } object is built identically in both handlers. Extracting a small formatUserResponse(user) helper would remove the duplication and keep the two endpoints' contracts in sync automatically going forward.

Also applies to: 101-116

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/controllers/userController.js` around lines 22 - 37, The user response
object is being assembled twice in both getUserData and updateUserProfile, so
extract the shared shaping logic into a helper like formatUserResponse(user)
near userController.js and use it in both handlers. Keep the helper responsible
for returning the same fields currently included (id, name, email,
isAccountVerified, role, hasCompletedOnboarding, organization, profilePic, bio,
createdAt) so both endpoints stay consistent and duplication is removed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@client/src/components/Navbar.jsx`:
- Around line 398-414: The avatar image fallback in Navbar is mutating the DOM
with an inline display:none, which can leave a broken avatar permanently hidden
after the URL changes. Update the desktop and mobile avatar render paths to use
React state in Navbar instead of e.target.style.display, so a failed load is
tracked and cleared whenever userData.profilePic changes. Keep the fallback
logic centralized by extracting a small Avatar component or otherwise applying
the same state-reset behavior to both duplicated copies.

In `@server/controllers/userController.js`:
- Around line 81-93: The `userModel.findByIdAndUpdate` update in
`userController` is overwriting `profilePic` and `bio` with empty strings when
those fields are omitted. Change the update payload so `name`, `profilePic`, and
`bio` are only included in `$set` when they were actually provided in
`req.body`, using the existing `updatedUser` flow to keep the partial-update
behavior safe.
- Around line 63-79: The profile update validation in userController should be
tightened so it enforces the same minimum name length on the server and only
accepts browser-safe image URLs for profilePic. Update the validation logic in
the profile update handler to reject names shorter than the required minimum,
and in the existing new URL(profilePic) check, additionally verify the scheme is
limited to http and https before accepting it.

---

Nitpick comments:
In `@client/src/pages/Profile.jsx`:
- Around line 179-197: The avatar fallback in Profile is only clearing local
state inside the img onError handler, so the broken profilePic remains saved on
the server. Update the onError flow in Profile.jsx to persist the cleared
profilePic through the existing profile update API instead of only calling
setProfilePic and setUserData, so the invalid image URL is removed for future
sessions.
- Around line 82-90: The Profile.jsx client-side check only verifies that
profilePic can be parsed by new URL, so it can still accept non-http(s) schemes.
Update the validation in the Profile component to mirror the server-side
restriction in userController by explicitly requiring http:// or https://, and
keep the error message aligned with that rule so the UX matches the
authoritative backend validation.

In `@server/controllers/userController.js`:
- Around line 22-37: The user response object is being assembled twice in both
getUserData and updateUserProfile, so extract the shared shaping logic into a
helper like formatUserResponse(user) near userController.js and use it in both
handlers. Keep the helper responsible for returning the same fields currently
included (id, name, email, isAccountVerified, role, hasCompletedOnboarding,
organization, profilePic, bio, createdAt) so both endpoints stay consistent and
duplication is removed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f05f6d71-57a2-4a4c-978f-2e5f203b7746

📥 Commits

Reviewing files that changed from the base of the PR and between a6c618a and 9ec236a.

📒 Files selected for processing (57)
  • .github/ISSUE_TEMPLATE/bug_report.md
  • .github/ISSUE_TEMPLATE/config.yml
  • .github/PULL_REQUEST_TEMPLATE.md
  • CODE_OF_CONDUCT.md
  • CONTRIBUTING.md
  • README.md
  • SECURITY.md
  • client/eslint.config.js
  • client/index.html
  • client/src/App.jsx
  • client/src/assets/assets.js
  • client/src/assets/emailTemplates.js
  • client/src/components/FAQ.jsx
  • client/src/components/Footer.jsx
  • client/src/components/Header.jsx
  • client/src/components/Hero.jsx
  • client/src/components/Navbar.jsx
  • client/src/components/meetings/EmptyState.jsx
  • client/src/components/meetings/MeetingCard.jsx
  • client/src/components/meetings/MeetingFilters.jsx
  • client/src/components/meetings/MeetingRepository.jsx
  • client/src/components/meetings/Pagination.jsx
  • client/src/context/AppContent.js
  • client/src/context/AppContext.jsx
  • client/src/index.css
  • client/src/main.jsx
  • client/src/pages/CreateOrganizationPage.jsx
  • client/src/pages/EmailVerify.jsx
  • client/src/pages/MeetingRoom.jsx
  • client/src/pages/Profile.jsx
  • client/src/pages/Reports.jsx
  • client/src/pages/ResetPassword.jsx
  • client/src/pages/SelectRolePage.jsx
  • client/src/pages/Summaries.jsx
  • client/src/pages/TeamMembers.jsx
  • client/vite.config.js
  • pineconeSearch.js
  • scripts/update-contributors.js
  • server/config/emailTemplates.js
  • server/config/mongodb.js
  • server/controllers/aiController.js
  • server/controllers/analyticsController.js
  • server/controllers/authControllers.js
  • server/controllers/meetingController.js
  • server/controllers/organizationController.js
  • server/controllers/searchController.js
  • server/controllers/userController.js
  • server/middleware/userAuth.js
  • server/models/meetingModel.js
  • server/models/organizationModel.js
  • server/models/userModel.js
  • server/routes/geminiRoutes.js
  • server/routes/meetingRoutes.js
  • server/routes/userRoutes.js
  • server/server.js
  • server/services/speechService.js
  • testEmbedding.js

Comment thread client/src/components/Navbar.jsx
Comment thread server/controllers/userController.js
Comment thread server/controllers/userController.js
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
meetonmemory Ready Ready Preview, Comment Jul 7, 2026 4:55pm

Comment thread server/routes/userRoutes.js Fixed
Comment thread server/routes/userRoutes.js Fixed
Comment thread server/routes/userRoutes.js Fixed
Comment thread server/routes/userRoutes.js Fixed

@imuniqueshiv imuniqueshiv left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@M0izz Thank you for your contribution and for the effort you've put into implementing the User Profile Management page! 🚀

Overall, this is a well-structured feature with a good user experience. I appreciate the backend validation, frontend integration, responsive layout, and the immediate AppContext updates after saving profile changes.

Before I can merge this PR, I'd like to request a couple of changes:

1. Fix the avatar fallback behavior

Currently, the avatar image is hidden using an inline display: none inside the onError handler.

Once an image fails to load, updating the profile with a valid image URL can still leave the avatar hidden until the page is refreshed.

Please manage the image loading state using React state instead of directly mutating the DOM so that the avatar updates correctly whenever the profile picture changes.


2. Resolve the CodeQL security alerts

The PR currently introduces new High Severity CodeQL alerts related to missing rate limiting on:

  • GET /api/user/data
  • PUT /api/user/update

Please add the project's existing rate limiting middleware (or another appropriate solution) to these routes so the new security alerts are resolved before merging.


Once these two items are addressed, I'll be happy to review the updated implementation again.

Thanks again for your contribution and for taking the time to build this feature. I really appreciate your effort and look forward to the updated PR! 🎉

@M0izz M0izz force-pushed the feat/user-profile-page branch from 4e98f68 to e924718 Compare July 7, 2026 16:01
@M0izz

M0izz commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

@imuniqueshiv fixed the issues , can u take a look and tell me any more changes you would like?, thnx letting me contribute :)

Comment thread server/routes/userRoutes.js Dismissed
Comment thread server/routes/userRoutes.js Dismissed
@imuniqueshiv

Copy link
Copy Markdown
Owner

@M0izz Thank you for your excellent contribution and for being so responsive to the review feedback! 🚀

I really appreciate the effort you put into refining the implementation, addressing the avatar fallback issue, and resolving the remaining review comments. The User Profile Management page is a valuable addition to MeetOnMemory, and I'm happy to have merged your work.

Thank you for contributing to MeetOnMemory! If you found the project helpful, please consider ⭐ starring the repository. I hope to see more of your contributions in the future. Happy coding! 💙

@imuniqueshiv imuniqueshiv merged commit 3a34369 into imuniqueshiv:main Jul 7, 2026
8 checks passed
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

🎉 Thank you for your contribution! Your pull request has been successfully merged. We appreciate your effort in improving MeetOnMemory, @M0izz!

@imuniqueshiv imuniqueshiv added enhancement New feature or request good first issue Good for newcomers ECSoC26 Eligible for Elite Coders Summer of Code 2026 automated scoring. good-pr +15 XP frontend labels Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ECSoC26-L2 ECSoC26 Eligible for Elite Coders Summer of Code 2026 automated scoring. enhancement New feature or request frontend good first issue Good for newcomers good-pr +15 XP

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants